High-Security Chip Cracked

February 3, 2010

Christopher Tarnovsky, who operates the California-based consulting firm Flylogic Engineering, must strike dread into the heart of anyone working on secure computer chips.

At Black Hat DC, a computer-security conference in Washington, DC, Tarnovsky gave an impressive demonstration of how even the most secure system will fall under a sustained, determined attack.

Tarnovsky says that he spends almost every waking moment hacking chips. He even owns a focused ion beam workstation, a secret weapon for chip hackers. Such a machine costs a quarter of a million dollars, used.

The target in Tarnovsky’s demonstration was the family of chips used for trusted platform computing, and for controlling access to the Xbox 360, GSM SIM cards, and satellite television transmissions. After six months of intense work, Tarnovsky says he developed a technique that allows him to break one of these chips in a matter of hours.

That’s not to say that the chip’s security is poor. Tarnovsky speaks of its design with great respect. When he describes what he had to do to get into it, it’s easy to see why: the device is loaded with encryption, dummy data, light sensors that destroy the chip if they detect a signal, and a complex coating of mesh that will also kill the chip if it’s mishandled.

“It’s a really nice design,” Tarnovsky says, “but it’s not as secure as they claim it is.” This turns out to be the message he wants to get across. Since this chip is rated with extremely high security, Tarnovsky has identified improvements that he believes should be made to protect it further.

However, he acknowledges that few people have the skill and equipment needed to break the chip. In this case, announcing that he’s broken the device won’t mean a flood of copycat hackers. Instead, it just shows that nothing is invulnerable.